Information Assurance Oversight

Protecting data is no longer an option. Government regulations such as FISMA, OMB A-130, and the Computer Security Act require federal agencies to develop, test, and monitor internal controls to protect their data and ensure its confidentiality, availability, and integrity.

As part of its Information Assurance Oversight Program, C5i has developed a detailed methodology based on NIST, FIPS, OMB, DISN, DoD, DISA, NSD, GISA, HSPD, H.R. Acts, NSA Security Guides, Army regulations, DON Policies, USMC References, Executive Orders standards that can help federal agencies and organizations comply with the myriad of federal computer security regulations. This methodology provides a logical, comprehensive approach for ensuring that organizations comply with all applicable laws and guidelines and maintain adequate protection of their electronic data.

Examples of C5i's Regulatory Assessment Program evaluations that apply to government agencies and organizations include:

Security Program Management Support

Develop & Maintain Security Oversight Programs
Security Budget & Staffing Management
Security Remediation Management (POA&MS)
Privacy Program Management
Training & Awareness Management

Security Documentation Compliance Assessment
Develop & Maintain Security Documents & Policies (SSP, COOP, Contingency Plans, Disaster Recover Plans, etc.) based on NIST, FIPS, OMB, DISN, DoD, DISA, NSD, GISA, HSPD, H.R. Acts, NSA Security Guides, Army Regulations, DON Policies, USMC References, Executive Orders, ISO 17799 (27001)...etc.

Perform Security Assessments

FISMA Self-Assessment and Reporting
Certification & Accreditation (C&A) based on RMF, NIST, OMB
Security Test & Evaluation (ST&E)
Risk Assessment
Privacy Impact Assessment (PIA)
Network Security Assessment (Pen Test)
Application Security Assessment (Pen Test)
Baseline Vulnerability Assessment
Security Architecture Evaluation
Enterprise Architecture Evaluation
Physical & Environmental Assessments
Code Review